Tips for keeping DDoS attacks at bay


DDoS attacks are proliferating, growing in power and becoming more complicated to defend against. What's more, there seems to be a widespread tolerance for the perpetrators, who appear to be more brazen than ever, writes Roger A. Grimes at InfoWorld.

From a technology standpoint, DDoS attacks are getting bigger. At one time, a 1 Gbps attack was seen as daunting, but now attacks of 20 Gbps are routine, according to Neal Quinn, vice president of operations at security firm Prolexic. Worse yet, they are now targeting the application layer rather than the routing and transport layers.

"Attackers are now spending a much longer period of time researching their targets and the applications they are running, trying to figure out where they can cause the most pain with a particular application," Quinn said. "For example, they may do reconnaissance to figure out what URL post will cause the most resource-consuming Web page refresh."

DDoS attackers are also becoming adept at assaulting from numerous fronts, making it harder for companies to defend themselves. Sometimes these multi-pronged attacks are red herrings to deflect attention from more serious attacks going on. "When the victim company is hit with a DDoS, it usually causes a little panic and the customer brings their best and brightest resources to bear on the problem. This takes those same individuals away from their other monitoring duties," Quinn said.

One of the reasons DDoS attacks don't generate more outrage and punishment is that they have become a tool for social and political statements, and the perpetrators are often very open about their intent. They publicly discuss their targets in advance and then go to the press with the news prior to an attack.

To keep DDoS assaults at bay, Quinn recommends starting with performance optimization and applying anti-DDoS settings on the most likely targets. Know the weak links on your web servers and any other security risks. Have enough bandwidth and computing power at your disposal to stand up to an attack, and plan for huge traffic spikes through peering agreements or DDoS mitigation service agreements. Finally, set a low time-to-live on your DNS records so that you can detect changes rapidly, and make sure early alerting is configured.
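The early-alerting advice above is the one piece of this summary that lends itself to working code. The following is an added example, not code from the InfoWorld article or from Prolexic: a small detector that reads web-server access log lines, counts requests per minute for each URL path and client, and raises an alert when a single path (the kind of resource-consuming page refresh Quinn describes) is hit beyond a threshold. The log lines, IP addresses, paths and thresholds are constructed for illustration.

```python
"""Per-path request-rate alerting for application-layer DDoS traffic.

Added example, not from the article. It parses "combined"-style access
log lines, bins requests into one-minute windows keyed by method and path,
and flags windows whose request count crosses a threshold, listing the
clients responsible for most of the load.
"""
import re
from collections import Counter, defaultdict
from datetime import datetime

# Constructed sample log: two normal requests, then a burst of POSTs to an
# expensive report-export endpoint from three addresses in the same minute,
# then one more normal request in the following minute.  Addresses are from
# documentation ranges (RFC 5737); nothing here is a real host.
SAMPLE_LOG = """\
203.0.113.10 - - [10/Aug/2011:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 1024
203.0.113.11 - - [10/Aug/2011:10:00:03 +0000] "GET /about.html HTTP/1.1" 200 2048
198.51.100.5 - - [10/Aug/2011:10:00:05 +0000] "POST /report/export HTTP/1.1" 200 65536
198.51.100.5 - - [10/Aug/2011:10:00:06 +0000] "POST /report/export HTTP/1.1" 200 65536
198.51.100.6 - - [10/Aug/2011:10:00:06 +0000] "POST /report/export HTTP/1.1" 200 65536
198.51.100.7 - - [10/Aug/2011:10:00:07 +0000] "POST /report/export HTTP/1.1" 200 65536
198.51.100.5 - - [10/Aug/2011:10:00:08 +0000] "POST /report/export HTTP/1.1" 200 65536
198.51.100.6 - - [10/Aug/2011:10:00:09 +0000] "POST /report/export HTTP/1.1" 503 0
203.0.113.10 - - [10/Aug/2011:10:01:02 +0000] "GET /index.html HTTP/1.1" 200 1024
"""

# client ident user [timestamp] "METHOD target HTTP/x" status size
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)


def parse_line(line):
    """Return a dict for one access-log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    # Group on the path only: query strings vary, the expensive handler does not.
    path = m.group("target").split("?", 1)[0]
    return {
        "client": m.group("client"),
        "window": ts.replace(second=0),  # one-minute bucket
        "method": m.group("method"),
        "path": path,
    }


def detect_floods(lines, path_threshold, client_threshold):
    """Flag (window, method, path) buckets with more than path_threshold
    requests.  Each alert lists clients that alone sent at least
    client_threshold requests, so an operator can tell a single noisy
    source from a distributed flood."""
    buckets = defaultdict(Counter)  # (window, method, path) -> Counter(client)
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue  # unparseable line: skip rather than crash the detector
        buckets[(rec["window"], rec["method"], rec["path"])][rec["client"]] += 1

    alerts = []
    for (window, method, path), clients in sorted(buckets.items()):
        total = sum(clients.values())
        if total <= path_threshold:
            continue
        heavy = [(c, n) for c, n in clients.most_common() if n >= client_threshold]
        alerts.append({
            "window": window.strftime("%Y-%m-%d %H:%M %z"),
            "method": method,
            "path": path,
            "requests": total,
            "distinct_clients": len(clients),
            "heavy_clients": heavy,
        })
    return alerts


if __name__ == "__main__":
    for alert in detect_floods(SAMPLE_LOG.splitlines(), path_threshold=5, client_threshold=3):
        print(f"ALERT {alert['window']} {alert['method']} {alert['path']}: "
              f"{alert['requests']} requests from {alert['distinct_clients']} clients; "
              f"heavy: {alert['heavy_clients']}")
```

The thresholds are deliberately low so the constructed sample trips them; in practice they come from a baseline of normal per-path rates, and the distinct-client count is what distinguishes a distributed attack (many addresses, each under the per-client limit) from one misbehaving client that a simple rate limit would handle.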

For more:
- see Roger A. Grimes's article at InfoWorld
